Medical Practice Platform
HIPAA-Ready Patient Portal for Medical Practices
The Challenge
Healthcare practices need patient portals that handle PHI, but the compliance overhead is enormous. Every hosting provider, database, and auth system in the PHI path requires a signed BAA. Most small practices can't afford enterprise HIPAA add-ons.
The Approach
Built a Next.js 14 SSR app on Supabase Auth with four roles (patient/staff/provider/admin) carried as custom JWT claims and enforced server-side on every request. Designed an AWS migration plan that cuts hosting costs by 90% relative to enterprise HIPAA hosting. Authored a full compliance decision framework covering PHI vs PII classification, BAA triggers, and hosting compliance matrices.
The Solution
Portal architecture is complete with RBAC, a session timeout design, an audit log foundation, and patient identity verification. The AWS migration decision report specifies a phased cutover (hosting first, data plane second). A comprehensive HIPAA compliance gap analysis lists 5 remaining items before go-live.
Results
- Next.js 14 SSR with 4-role Supabase Auth (patient/staff/provider/admin)
- AWS migration plan: 90% cost reduction from enterprise hosting
- HIPAA compliance gap analysis with 5 items remaining
- BAA compliance framework for PHI workloads
- Pre-production — awaiting hosting decision